Updated gstreamer0.10-plugins-good and gstreamer1.0-plugins-good packages fix security vulnerabilities

2017-09-2116:43:32

Gentoo Foundation

advisories.mageia.org

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.015

Percentile

87.0%

JSON

A crafted AAC audio file could have caused an invalid read and thus corruption or denial of service (CVE-2016-10198). A crafted mp4 file could have caused an invalid read and thus corruption or denial of service (CVE-2016-10199). A crafted AVI file could have caused an invalid read and thus corruption or denial of service (CVE-2017-5840). A crafted AVI file with metadata tag entries (ncdt) could have caused invalid read access and thus corruption or denial of service (CVE-2017-5841). A crafted AVI file could have caused an invalid read access resulting in denial of service (CVE-2017-5845). Note that GStreamer 0.10 was only affected by CVE-2016-10198 and CVE-2017-5840.

OSVersionArchitecturePackageVersionFilename
Mageia5noarchgstreamer0.10-plugins-good< 0.10.31-9.2gstreamer0.10-plugins-good-0.10.31-9.2.mga5
Mageia5noarchgstreamer1.0-plugins-good< 1.4.3-2.2gstreamer1.0-plugins-good-1.4.3-2.2.mga5

OS	Version	Architecture	Package	Version	Filename
Mageia	5	noarch	gstreamer0.10-plugins-good	< 0.10.31-9.2	gstreamer0.10-plugins-good-0.10.31-9.2.mga5
Mageia	5	noarch	gstreamer1.0-plugins-good	< 1.4.3-2.2	gstreamer1.0-plugins-good-1.4.3-2.2.mga5